- Created Dockerfile with non-root user (labuser UID 1000)
- Created docker-compose.yml with user directive (1000:1000)
- Created infrastructure verification script (6/6 tests pass)
- All INF-01 requirements satisfied
- TDD GREEN phase complete
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Test 1: docker-compose.yml is valid YAML
- Test 2: Dockerfile exists and has USER directive
- Test 3: docker-compose.yml has user directive (1000:1000)
- Test 4: Docker image builds successfully
- Test 5: Container runs as non-root (labuser)
- Test 6: docker-compose service verification
GREEN phase check: All infrastructure tests pass
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Defines service with local image build
- Specifies user directive (1000:1000) for non-root execution
- Includes container_name for easy reference
- Follows INF-01 requirement (no root)
- Enables test scripts to verify configuration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Base image: alpine:3.19 (small, secure)
- Creates non-root user with UID/GID 1000
- Switches to non-root user with USER directive
- CMD demonstrates non-root execution with whoami
- Follows INF-01 requirement (no root execution)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- docker-iam-parallels.md: Conceptual mapping between Docker and AWS IAM
- Side-by-side comparisons with practical examples
- Covers PARA-01, PARA-03, PARA-04 requirements
- Explains least privilege principle and best practices
- Links to AWS documentation for deeper learning
- docker-socket-permissions.md: Docker socket technical specs and access control
- linux-users-groups.md: Linux user management reference with commands
- iam-parallels.md: Quick reference table for IAM parallelism
- Pure reference material with tables and specifications
- Step-by-step verification of IAM configuration
- Multiple methods to verify non-root execution
- Explains principle of least privilege
- Integrates with automated test scripts
- Step-by-step guide for adding users to docker group
- Explains group membership evaluation timing issue
- Shows parallelism with AWS IAM User + Policy
- Includes multiple troubleshooting scenarios
- Step-by-step user creation guide for lab01_student
- Follows 'little often' principle with small incremental steps
- Includes verification at each step
- Troubleshooting section for common issues
- Created run-all-tests.sh to execute test suite in sequence
- Fail-fast approach stops on first failure (TDD RED phase)
- Provides summary and next steps (final verification)
- Can be run from any directory (uses absolute paths)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created 03-non-root-test.sh for INF-01 compliance validation
- Tests verify no container runs as root (safety requirement)
- Checks docker exec whoami, docker inspect, and compose file
- Handles missing infrastructure gracefully with SKIP results
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created test-02-docker-access.sh for socket access validation
- Tests verify socket permissions, docker group existence, and ownership
- Checks for usermod availability in /usr/sbin as well as PATH
- All tests pass against current Docker installation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created test-01-user-creation.sh for Linux user/group validation
- Tests verify user existence, docker group membership, and access control
- Uses helper functions for counter increments to work with set -e
- Handles missing sudo gracefully with SKIP results
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created SUMMARY.md for plan 01-02
- Updated STATE.md (position: 2/2 plans complete)
- Updated ROADMAP.md with plan progress
- Marked requirements GIT-04, GIT-05, SETUP-05 as complete
Phase 1 (Setup & Git Foundation) is now complete.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created labs/ directory with 5 lab subdirectories
- Created how-to-guides/ and reference/ directories
- Added placeholder README.md in each lab directory
- Created 3 bash scripts (check-env.sh, validate-compose.sh, reset-env.sh)
- All scripts follow CLAUDE.md standards with proper headers and exit codes
- Total: 491 lines of bash scripting with color-coded output
- Marked 5 requirements complete (SETUP-01 through SETUP-04, INF-05)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Stops all containers and removes user-created networks/volumes
- Interactive mode requires user confirmation before destructive operations
- --dry-run flag shows what would be deleted without actually deleting
- Preserves Docker default networks (bridge, host, none)
- Does NOT remove Docker images
- Color-coded output and clear warning messages
- Exit code 0 on success, 1 on cancellation or error
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Validates docker-compose.yml syntax using 'docker compose config'
- Shows usage when called without arguments
- Handles missing files gracefully with clear error messages
- Supports -h/--help flag
- Color-coded output (green success, red error)
- Exit code 0 on valid config, 1 on errors
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Verifies Docker Engine >= 24.0, Compose V2, network utilities
- Reports system resources (RAM, CPU cores) with warnings if low
- Color-coded output (green pass, red fail, yellow warn)
- Exit code 0 on all checks pass, 1 on failures
- Idempotent - can be run multiple times safely
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
